Upload File

1 hellman-mar16

17
How Your Website Leaks Privacy Eric Hellman Free Ebook Foundation March 16, 2016

Upload: national-information-standards-organization-niso

Post on 15-Apr-2017

603 views

Category:

Education


0 download

Report

TRANSCRIPT

Page 1: 1 hellman-mar16

HowYourWebsiteLeaksPrivacy

EricHellmanFreeEbookFoundation

March16,2016

Page 2: 1 hellman-mar16

signals

Whenweusetheinternet,wesendmanysignalstotheservicesweinteractwith.

Manyservicestakeagreatinterestinthesignalsthatusersemit.

Sometimesusersprefermoreprivacy.

Privacyzealotsagree.

Page 3: 1 hellman-mar16
Page 4: 1 hellman-mar16

NotEncrypted!

Page 5: 1 hellman-mar16

http://university.edu/vendor_library/libweb/action/dlSearch.do?institution=XXX&vid=XXX&tab=everything&search_scope=everything&mode=Basic&onCampus=false&displayMode=full&highlight=true&displayField=all&pcAvailabiltyMode=true&bulkSize=30&query=any%2Ccontains%2Cwhat%20to%20expect%20when%20you%27re%20expecting

Page 6: 1 hellman-mar16

Whocanseethissignal?

traceroute touniversity.hosted.vendor.com(66.151.7.135),64hopsmax,52bytepackets1. wireless_broadband_router(192.168.1.1)2. lo0-100.nwrknj-vfttp-306.verizon-gni.net(108.5.176.1)3. t1-0-0-12.nwrknj-lcr-22.verizon-gni.net(130.81.216.46)4. ***5. 0.ae7.gw10.ewr6.alter.net(140.222.231.129)6. teliasonera-gw.customer.alter.net(157.130.91.86)7. nyk-bb2-link.telia.net(62.115.134.109)8. chi-b21-link.telia.net(213.155.136.19)9. internap-ic-150762-chi-b21.c.telia.net(213.248.81.142)10. border1.ae0-bbnet1.chg.pnap.net(64.94.32.4)

me

Wifi Router

Vendor-hosted library

service

verizon

alternet

telia

pnap

?

Page 7: 1 hellman-mar16

WhocanseewhatI’msearchingfor?

me

Wifi Router

Vendor-hosted library

service

eve

NSA?

Page 8: 1 hellman-mar16

Butit’sjusttheISPs,right?

Page 9: 1 hellman-mar16
Page 10: 1 hellman-mar16

OK,soGoogleknows.

• GoogleknowswhoIam– I’mloggedintogoogle (3differentaccounts!)

• But,nocookie,Googlemightnotbetrackingmebyid.Butwhoknows?

http://www.google-analytics.com/r/collect?v=1&_v=j41&a=861561779&t=pageview&_s=1&dl=http%3A%2F%2Funiversity.edu%2Fvendor_library%2Flibweb%2Faction%2FdlSearch.do%3Finstitution%3DXXX%26vid%3DXXX%26tab%3Deverything%26search_scope%3Deverything%26mode%3DBasic%26onCampus%3Dfalse%26displayMode%3Dfull%26highlight%3Dtrue%26displayField%3Dall%26pcAvailabiltyMode%3Dtrue%26bulkSize%3D30%26query%3Dany%252Ccontains%252Cwhat%2520to%2520expect%2520when%2520you%2527re%2520expecting&dr=http%3A%2F%2Funiversityd.edu%2F&ul=en-us&de=UTF-8&dt=what%20to%20expect%20when%20you%27re%20expecting&sd=24-bit&sr=1440x900&vp=1111x299&je=0&fl=21.0%20r0&_u=AACAAEABI~&jid=1553209123&cid=60565101.1450546423&tid=UA-52592218-11&_r=1&z=1128496919

Page 11: 1 hellman-mar16

Whoelseknows??

Page 12: 1 hellman-mar16
Page 13: 1 hellman-mar16

ThecoverscomefromAmazon!http://images.amazon.com/images/P/0761125493.01._SSTHUM_.jpg

WhatsignalsgetsenttoAmazonwhenIdoasearchinthislibrary?

Page 14: 1 hellman-mar16

Referer headershttp://images.amazon.com/images/P/0761125493.01._SSTHUM_.jpg

Amazongetstoknowwhatthelibraryuserissearchingfor!

Referer:http://university.edu/vendor_library/libweb/action/dlSearch.do?institution=XXX&vid=XXX&tab=everything&search_scope=everything&mode=Basic&onCampus=false&displayMode=full&highlight=true&displayField=all&pcAvailabiltyMode=true&bulkSize=30&query=any%2Ccontains%2Cwhat%20to%20expect%20when%20you%27re%20expecting

Page 15: 1 hellman-mar16

Cookieheaderhttp://images.amazon.com/images/P/0761125493.01._SSTHUM_.jpg

Amazonremembersme!

Cookie: s_cmpid=em_dd_dealpref_footer_us;dmusic_jsEnabled=1;kdp-lc-main=en_US;lc-main=en_US;aws_lang=en;sc_idetail=577648;pN=67;s_pers=%20s_vnum%3D1820603279509%2526vn%253D7%7C1820603279509%3B%20s_ev15%3D%255B%255B%2527AZSOAviewallMakeM%2527%252C%25271397597821813%2527%255D%255D%7C1555364221813%3B%20s_fid%3D387E58CD97054BBB-0A903051E8978EFD%7C1483223752935%3B%20s_dl%3D1%7C1420067152938%3B%20gpv_page%3DUS%253AAZ%253A%2520Make%2520Money%2520Landing%253A%2520Home%7C1420067152946%3B%20s_invisit%3Dtrue%7C1431100131631%3B%20s_nr%3D1431098331635-New%7C1438874331635%3B;s_sess=%20s_campaign%3DEM%257CSummit13_E1A%257Cannounce%257Cmarketo%3B%20s_eVar60%3DEM%257CSummit13_E1A%257Cannounce%257Cmarketo%3B%20sc_icampaign%3DSummit13_E1A%3B%20sc_icontent%3Dannounce%3B%20sc_iplace%3Dmarketo%3B%20c_m%3DAZSOAviewallMakeMundefinedAmazon.comundefined%3B%20s_cc%3Dtrue%3B%20s_sq%3Damznsrvsprod%253D%252526pid%25253DUS%2525253ASC%2525253A%25252520SellerCentralLogin%252526pidt%25253D1%252526oid%25253D%252525A0%252525A0Sign%25252520in%252525A0%252525A0%2525250A%252526oidt%25253D3%252526ot%25253DSUBMIT%3B;apn-user-id=5af86f07-1371-43ab-98de-0cce80365f4b;sc_ipage=ibc_landingpage;s_ppv=100;aws-target-static-id=1441899433850-398180;s_eVar60=em%7Cem_13355%7Cglobal%7Cevent;sc_ichannel=em;sc_icampaign=em_13355;sc_icountry=global;sc_icampaigntype=event;aws-business-metrics-last-visit=1449413507108;skin=noskin;aws-gz=1;session-token="jeLgRlubBszDPQXsYQeAE0fhleGl1CVoaxoiRw1hRtlovE70dRrKW5+pRwUEbrXx1SWaznx30XKm9mO9Ualvswwc5Zsi15yFBJdOMQRX9Uvew8azj5fR5+85NY32RkWINA/cLtz1Coew6S+9YuZHAj2xzvNDGTszaFH0Z4RNTixCTb+8kyVVVSdGAHrf4WF3NI2W3S4Yh8Y0wLcaTlLuZybz7ZbcLWJFh41m3GALM10=";x-main="q?Td@IJwuwMlVBHZiZiWHANGhIUWBaEW";x-wl-uid=1T5ZIJ9srYpnK7msnBqBXW0GIadpVHD/H6ch0ws0sq8+WdnQgpCoVkc2yXzfinlIEM0bJDq6Jkif/Aii82Z45f8IDVLp1tRYcqCwv8yIAXi4mzBrx+CwkWCMITg4XSNIs+m6sxTloLhg=;s_vnum=1825647050840%26vn%3D7;ubid-main=176-2476538-3066565;session-id-time=2082787201l;session-id=178-6751876-1747438;aws-session-id=189-2051376-8622317;aws-session-id-time=1458335250l;aws-mkto-trk=id%3A112-TZM-766%26token%3A_mch-aws.amazon.com-1453315552278-34638;aws-target-visitor-id=1426084761553-357078.25_01;aws-target-data=%7B%22support%22%3A%221%22%7D;s_cc=true;s_fid=49AD8FA9A0599598-30FA44442C927A1A;s_dslv=1458052161012;s_vn=1489264466108%26vn%3D9;s_nr=1458052161019-Repeat;c_m=Search%20Engineundefinedwww.google.com;s_sq=awsamazonprod2%252Cawsamazonallprod2%252Cawsamazonallprod1%252Cawsamazonprod1%3D%2526pid%253DSignup%2526pidt%253D1%2526oid%253Dhttps%25253A%25252F%25252Fportal.aws.amazon.com%25252Fbilling%25252Flogout%252521doLogout%2526ot%253DA;aws-ubid-main=177-4032474-5005539;aws-x-main="fR@dlrH?TlponCnSlbPW1vkKHJicGv2dnaEOgIRA6A7jPsJ0ADZu0XFfU5EEG4VG";regStatus=registered;__utmv=194891197.%22fR%40dlrH%3FTlponCnSlbPW1vkKHJicGv2dnaEOgIRA6A7jPsJ0ADZu0XFfU5EEG4VG%22;__utma=194891197.961563651.1446149352.1458053753.1458053772.98;__utmc=194891197;__utmz=194891197.1458053772.98.58.utmccn=(referral)|utmcsr=amazon.com|utmcct=/ap/signin|utmcmd=referral

Page 16: 1 hellman-mar16

Thislibraryisbetrayingme!

(youshouldseewhatpublishers do!)

Page 17: 1 hellman-mar16

Becomeaprivacyzealot!

• SwitchtoHTTPS• Turnoffreferer headers• Thinkbeforeyoulink

Details athttps://go-to-hellman.blogspot.com/


Diffie Hellman Rsa

Presentacion CMC - MAR16

Report grandi comuni mar16

Diffie hellman

Merkle-Hellman Knapsack

78 s 25 mar16

Hearing HQ Magazine Dec15 Mar16

NoMirror #02 - Mar16

Zurich Mar16

Dmaltz Mar16 150112

Lillian Hellman

11384_Diffie Hellman

08 Diffie Hellman

Bodyshop mar16

Lonely Planet USA Catalogue Mar16-Aug16

CV - Andrej Rezonja- mar16-all_in_one

Échange de clé Diffe-Hellman - École Normale …nitulesc/files/2M120/Echange.pdfNotionsdesécurité ProtocoleDiffie-Hellman Logarithmediscret ÉchangedecléDiffe-Hellman AncaNitulescu

Prebid Final Draft Mar16

Bentley Academic Program Mar16

GDC : Mar16.pdf

1A-RacionlAdmint-UAP-MAR16 (1)

Mar16 C01 Bc Tewb

[NMDS] Erik Hellman

Life of david brainerd 6 mar16

Tamandareempaginas mar16

Tide Mar16 Web

Lista de Preços out15 mar16.pdf

Ne etthherrllanddss –– eAm msstterrddaam 5 Days Nights 日 3 姆 · 23 Mar16 – 29 Mar16 2,640 1,980 V Premium Economy 23 Dec15 – 31 Mar16 8,210 6,150 E Business 23 Dec15 –

Hellman Thesis Ocr

Lectura Jenifer Hellman

03 world renewal mar16

3 conley-mar16

lecture mar16 - web.pa.msu.edu

Vasopressors Judith Hellman, M.D. Associate ... Vasopressors.pdf · VasopressorsVasopressors Judith Hellman, M.D.Judith Hellman, M.D. Associate ProfessorAssociate Professor Anesthesia

TGPw Institucional Resumo Mar16